With the Australian Cyber Security Centre considering the current risk of terrorist groups using a cyber-attack to impact Australia’s interests and security as low, the threat has not been included in the country’s terrorism reinsurance pool.
The Australian Reinsurance Pool Corporation (ARPC) was set up in 2003 to correct a market failure caused by global reinsurers withdrawing coverage for commercial property damage in the wake of the events of September 11.
In a report released by the ARPC, it was stated that terrorist groups lack the “technical sophistication to threaten Australia’s security using cyber means at this time.”
The report states that, for now, terrorist groups are likely to continue to use basic methods, such as defacing websites and hacking social media accounts.
As a general principle, governments should consider intervening in the insurance market only where there is clear and demonstrated market failure, the report adds.
It was also determined that the insurance industry has in fact risen to the threats and challenges posed by cyber attacks.
As Australian businesses have become more aware of the threat, there has been a surge in demand from some businesses for measures to manage that risk, albeit from a low base, the report states.
“As understanding of new risks have increased, the insurance market has developed coverage solutions. Capacity to underwrite risk has followed. Insurance cover for cyber risk is becoming increasingly available. Alongside better cyber security practices, insurance is becoming part of a wider toolkit of risk reduction measures for many businesses.”
The review also notes the challenges inherent to classifying cyber aggression within the bounds of ‘terrorism’, stating that, as incidents tend to emanate from overseas, the culprits and their intent could be difficult to determine.
The review concludes that the Government will continue to monitor developments in the cyber insurance market and the evolving cyber security environment.